This topic describes the notification output dialogs. You configure notification outputs in the Administration > System > Notifications > Output tab. Notification outputs are the destinations to which notifications are sent. For ESA, notifications enable you to define how you want to receive ESA alerts. Security Analytics supports the following notification outputs: Email, SNMP, Syslog, and Script.

On the Output tab, click and then select a notification output (Email, SNMP, Syslog, or Script). The Define Notification dialog is displayed for your selection.

Features

There are four notification dialogs, which allow you to configure notification outputs.

Email

Email notifications enable you to define the destination email addresses to which alerts are sent. You can also add a custom description in the subject of the email and define multiple destination email addresses.

The following figure shows the Define Email Notification dialog.

The following table lists the various parameters that you need to define for the email notifications.

| Parameter | Description |
|---|---|
| Enable | Select to enable the notification. |
| Name | A name to identify or label the notification. |
| Description | A brief description of the notification. |
| To Email Addresses | The destination email address to which the alert needs to be sent. Note: You can define multiple email addresses. |
| Subject Template Type | Lists available templates for creating a subject. When you choose a template, the Subject field is automatically filled in with the code for your chosen template. |
| Subject | Custom description of the triggered alert. This information is automatically filled in if you choose one of the predefined templates from the Subject Template Type drop-down menu. Note: To provide a custom subject, refer to the Include the Default Email Subject Line topic in the System Maintenance Guide. |

SNMP

SNMP notifications enable you to define the SNMP settings to send alert notifications.

The following figure shows the Define SNMP Notification dialog.

The following table lists the various parameters that you need to define for the SNMP notifications.

| Parameter | Description |
|---|---|
| Enable | Select to enable the notification. |
| Name | A name to identify or label the notification. |
| Description | A brief description of the notification. |
| Trap OID | The object ID for the SNMP trap on the trap host that receives the event. The default value is 1.3.6.1.4.1.36807.1.20.1. This value is a hierarchical name that represents the system that generates the trap. 1.3.6.1.4.1 is the common prefix for all enterprises and 36807.1.20.1 identifies Security Analytics. |
| Message OID | The message object identifier for the SNMP trap. |
| Variables | Additional information to include in the trap. Each variable is a name-value pair. |

Syslog

Syslog notifications enable you to define the Syslog settings to send alert notifications.

The following figure shows the Define Syslog Notification dialog.

The following table lists the various parameters that you need to define for the Syslog notifications.

| Parameter | Description |
|---|---|
| Enable | Select to enable the notification. |
| Name | A name to identify or label the notification. |
| Description | A brief description of the notification. |
| Severity | Defines the severity of the alert. |
| Encoding | Defines the encoding format. In environments that do not use regular character sets (for example, Japanese characters), this field helps you select the correct character encoding. |
| Max Length | The maximum length of a Syslog message in bytes. The default value is 2048. Messages that exceed the maximum length are truncated when the Truncate overly large syslog messages checkbox is selected, which is found in Administration > System > Legacy Notifications. The Legacy Notifications Configuration Panel topic provides additional information. |
| Include Local Timestamp | Select to include the local timestamp in messages. |
| Include Local Hostname | Select to include the local hostname in Syslog messages. |
| Identity String | An identity string to be prefixed to each Syslog alert. If the string is blank, no identity string is prefixed to the outgoing Syslog alerts. You can use this to identify the alerts from ESA. |
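
Max Length is counted in bytes, so with a multi-byte Encoding the same alert text consumes more of the limit than its character count suggests. The following Python sketch is an added example, not code from Security Analytics or its documentation; it measures a constructed Japanese alert under two encodings and truncates it without splitting a character. The function names, the `identity: body` layout and the boundary-safe truncation are assumptions made for illustration.

```python
# Added illustration, not product code. Names and sample text are constructed.
DEFAULT_MAX_LENGTH = 2048  # default Max Length from the table above, in bytes


def encoded_length(message: str, encoding: str) -> int:
    """Size of the message in bytes, which is what Max Length limits."""
    return len(message.encode(encoding))


def truncate_to_bytes(message: str, encoding: str,
                      max_length: int = DEFAULT_MAX_LENGTH) -> bytes:
    """Cut the encoded message to at most max_length bytes without leaving
    a partial multi-byte character at the end. This boundary handling is
    an assumption; a plain byte slice could split a character and leave
    the receiver with an undecodable tail."""
    data = message.encode(encoding)
    if len(data) <= max_length:
        return data
    # Decode the slice leniently so an incomplete trailing character is
    # dropped, then re-encode to get valid bytes in the chosen encoding.
    clipped = data[:max_length].decode(encoding, errors="ignore")
    return clipped.encode(encoding)


def with_identity(identity: str, body: str) -> str:
    """Prefix the Identity String; a blank string adds nothing.
    The 'identity: body' layout is an assumption for this example."""
    return f"{identity}: {body}" if identity else body


# Constructed sample alert text: 8 Japanese characters.
SAMPLE_ALERT = "不正ログイン検知"

if __name__ == "__main__":
    message = with_identity("ESA", SAMPLE_ALERT)
    for enc in ("utf-8", "shift_jis"):
        print(f"{enc}: {len(message)} characters, "
              f"{encoded_length(message, enc)} bytes")
    # A deliberately small limit shows where the cut lands in UTF-8.
    print(truncate_to_bytes(SAMPLE_ALERT, "utf-8", 10).decode("utf-8"))
```

When sizing Max Length for such environments, budget for the encoded byte length of the longest expected alert plus the identity string, hostname and timestamp prefixes.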

Script

Script notifications enable you to define the script that executes in response to the alert. You can use any script for ESA notifications.

The following figure shows the Define Script Notification dialog.

The following table lists the various parameters that you need to define for the Script notifications.